Even though Britain is set to leave the European Union following the Brexit vote, British businesses will still have to adopt the new EU General Data Protection Regulation when it comes into force in May 2018.
Is your Business Ready?
The Information Commissioners Office has produced a handy overview of GDPR that you can read here
According to the (ISC) ² Europe Middle East and Africa Advisory Council (EAC) 79% of Britain’s medium and large companies are unsure about their compliance.
It doesn’t matter that the UK is set to leave the EU, even if an organisation is not based in the EU it will still fall under the GDPR rules if it processes personal data of EU citizens. Also, Businesses, major service providers or operators of essential services must notify the authorities in case they suffer a cyber-attack that results in the loss of data.
Failure to comply with the GDPR can result in hefty fines. Lower tier fines are set to be €10 million or 2% of total worldwide turnover of the preceding year, whichever is higher. The highest tier fines are set to be €20 million or 4% of total worldwide turnover of the preceding year, whichever is higher.
For advice on how to get your business ready for the new regulations contact the experts at PGI.
How can we help you?
We will be able to support in a number of ways:
Risk assessment is key to the new standard. PGI are experts in Information Risk Management and can help clients through the entire process of identifying critical assets, performing risk assessments taking into account actual threats and vulnerabilities, and proposing risk mitigation plans
For those carrying the highest risks, we can assist with the implementation of an integrated information Security Management System (ISMS) – meeting the requirements of a number of framework standards, including: Cyber Essentials, ISO 27001, etc.
PGI can also provide pen testing / vulnerability assessments to identify and remediate vulnerabilities to reduce the risk of compromise in the first instance so an organisation won’t have to report a breach.